1. Summary
  2. Files
  3. Support
  4. Report Spam
  5. Create account
  6. Log in
Version 61 (modified by hyd_danmar, 3 years ago)

1.50 is planned to be released on august 13th

Cppcheck development

This wiki is about Cppcheck development

Debug output

The debug messages are not official and you can't expect that any plugins will handle them. The debug messages are not described nor listed anywhere. The debugging interface is not guaranteed to be compatible in the future so your shell scripts etc might break at any time if you use it.

The --debug-warnings flag enable warnings about unhandled code, bailouts, etc.

To see extensive debug output use --debug. This is most useful on small code samples because it is verbose. The code that is shown should be as simplified as possible. Any calculations that are known at compile time should be reduced. So if you see something in the code that can be simplified report it.

Creating new tickets

Defects:

  • false positive
  • hang / crash
  • fail to compile

Enhancements:

  • new checks
  • an existing check fails to detect bug (use the component "improve check")
  • suggestions about different output

Source code

Latest version is available on github. You can use svn/git:

  • git:
    git clone git://github.com/danmar/cppcheck.git
    
  • svn:
    svn checkout http://svn.github.com/danmar/cppcheck
    

Simple issues to fix

If you want to help us you can start by looking at the tickets that we consider to be simple. http://sourceforge.net/apps/trac/cppcheck/query?status=new&col=id&col=summary&keywords=~simple

How to submit a patch

Create a ticket that describes the problem. Then add your patch as a file attachment.

Status

Version 1.50 is planned to be released on August 13th.

Overview

Cppcheck is basically a pattern matcher. The input code will be matched against various patterns that are known to be bugs.

Analyzing a file is made in 3 steps:

  1. Preprocess
  2. Tokenize
  3. Run all checks - pattern matching of the tokens

Developer information

  1. More information is available through this webpage: http://cppcheck.sourceforge.net/devinfo/
  2. List of current ErrorMessages and suggestions how they could be improved.

Investigating false negatives

One method to detect false negatives is to "blindly" try various cases. Different developers will try slightly different cases and therefore it is not impossible to detect false negatives with this method.

Another method is to compare Cppcheck output against other tools. For instance the result files for SATE2010 (http://samate.nist.gov/SATE2010.html) can be compared.

A third method is to try to break down the analysis and see the weaknesses in Cppcheck. Look at these pages and report if you see any limitations: